The project is in a healthy, maintained state
Helps generate a content security policy for inline scripts and styles.

jekyll-content-security-policy-generator Plugin

This Jekyll plugin automatically builds an HTML content-security-policy for inline scripts and styles. It scans the .html files generated by Jekyll, computes a SHA256 hash for each inline style or script it finds, and builds a meta tag that is inserted into the <head> section. If a content-security-policy meta tag already exists, the plugin reuses it and appends the hashes to the matching sections.

Goal

Speed up site development by allowing inline scripts, styles and more, while still using content security policies to help secure site pages.

Features

  • Scans for .html files generated by Jekyll.
  • Finds inline scripts such as <script>alert("Hello World!");</script> and generates an SHA256 hash.
  • Finds inline styles such as <style>.hello { color: "red"; }</style> and generates an SHA256 hash.
  • Creates or reuses an HTTP meta tag for the content security policy.
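
The hash-and-merge flow described above, as an added stand-alone Ruby example (it is not the plugin's own code). The function names, the regex-based scanning in place of an HTML parser, and the sample page are assumptions made for illustration.

```ruby
require "digest"

META_RE = /<meta\s+http-equiv="Content-Security-Policy"\s+content="([^"]*)"\s*\/?>/i

# CSP hash source: base64 SHA-256 of the exact text between the tags.
def csp_hash(content)
  "'sha256-#{Digest::SHA256.base64digest(content)}'"
end

# Hash sources per directive. Regex scanning is a simplification for this
# example; <script src=...> is skipped because it is not inline.
def inline_hashes(html)
  scripts = html.scan(%r{<script(?![^>]*\bsrc=)[^>]*>(.*?)</script>}mi).flatten
  styles  = html.scan(%r{<style[^>]*>(.*?)</style>}mi).flatten
  { "script-src" => scripts.map { |s| csp_hash(s) }.uniq,
    "style-src"  => styles.map { |s| csp_hash(s) }.uniq }
end

# Append hashes to the matching directive, creating it when absent.
def merge_policy(policy, hashes)
  directives = policy.split(";").map(&:split).reject(&:empty?)
  hashes.each do |name, sources|
    next if sources.empty?
    entry = directives.find { |d| d.first.casecmp?(name) }
    directives << (entry = [name]) unless entry
    entry.concat(sources - entry)
  end
  directives.map { |d| d.join(" ") }.join("; ")
end

# Reuse an existing CSP meta tag, or insert a new one right after <head>.
def add_csp_meta(html)
  tag = ->(p) { %(<meta http-equiv="Content-Security-Policy" content="#{p}">) }
  hashes = inline_hashes(html)
  if (m = html.match(META_RE))
    html.sub(META_RE) { tag.call(merge_policy(m[1], hashes)) }
  else
    html.sub(/<head(\s[^>]*)?>/i) { |head| head + tag.call(merge_policy("", hashes)) }
  end
end

# Constructed sample page (not taken from the plugin's tests).
SAMPLE = <<~HTML
  <html><head>
  <meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self'">
  <style>.hello { color: red; }</style>
  </head><body><script>alert("Hello World!");</script><script src="/app.js"></script></body></html>
HTML
puts add_csp_meta(SAMPLE) if __FILE__ == $PROGRAM_NAME
```

The hash covers the exact text between the tags, whitespace included, so any step that rewrites inline content after hashing (minification, templating) makes the browser reject that block.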

Upcoming Features

  • Options to generate policy entries for non-inline tags such as <script src="https://google.com/captcha.js"></script>, which will add https://google.com/captcha.js to the script-src section of the meta tag.
  • Ability to convert style attributes such as <div style="color:red"> to <div id="#csp-gen-261626"></div> <style>#csp-gen-261626 { color:red }</style> which will then pass through the default plugin where a SHA256 is generated.

Installation

gem install jekyll-content-security-policy-generator

Then add this to your _config.yml:

plugins:
  - jekyll-content-security-policy-generator

Support

https://strongscot.com